[Asrg] where the message originated (was: DKIM role?) (SM)
Ian Eiloart
iane at sussex.ac.uk
Wed Jan 21 02:30:20 PST 2009
--On 20 January 2009 12:03:49 -0500 Chris Lewis <clewis at nortel.com> wrote:
> Ian Eiloart wrote:
>
>> Maybe not so distant:
>> <http://mipassoc.org/pipermail/ietf-dkim/2008q1/009039.html>
>>
>> This is a plea from Dave Crocker (author of rfc822) to take a
>> Thunderbird extension that checks spf and dk, and add support for dkim.
>
> I remember that and the plea.
>
> The plugin didn't do SPF. It couldn't do SPF, because it didn't have
> access to either the MAIL FROM or HELO/EHLO. It did something similar
> to SPF (From:).
Hmm, I'd have assumed that it checked the Received: headers to find an IP
address that got an SPF pass with the content of the Return-Path: header.
Of course, a spammer could always forge a suitable Received: header. I
can't see that this could have worked 100% reliably. There would have been
cases where are reliable warning could have been given, but they'd require
a -all entry in the SPF record.
>
> Even to get it to do From: "properly" required intimate knowledge of
> your mail server architecture.
>
> You could make it do SPF properly if you hacked your MTAs to add various
> headers showing details about the perimeter connection (HELO, IP, rDNS,
> MAIL FROM).
>
> We do insert such info, but it obviously wasn't going to be worthwhile
> hacking the plugin to recognize our additional headers.
>
> The DK stuff didn't work at all AFAIK.
Well, that sucks. Is that because the DK signature was broken in transit?
> It was an experiment. As an experiment, I believe it died.
> _______________________________________________
> Asrg mailing list
> Asrg at irtf.org
> http://www.irtf.org/mailman/listinfo/asrg
--
Ian Eiloart
IT Services, University of Sussex
x3148
More information about the Asrg
mailing list